CVE-2015-5289: Buffer Overflow
First published: Mon Oct 26 2015(Updated: )
Multiple stack-based buffer overflows in json parsing in PostgreSQL before 9.3.x before 9.3.10 and 9.4.x before 9.4.5 allow attackers to cause a denial of service (server crash) via unspecified vectors, which are not properly handled in (1) json or (2) jsonb values.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| PostgreSQL Client | >=9.3.0<9.3.10 | |
| PostgreSQL Client | >=9.4.0<9.4.5 | |
| Debian | =8.0 | |
| Debian | =9.0 | |
| Ubuntu | =12.04 | |
| Ubuntu | =14.04 | |
| Ubuntu | =15.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=08fa47c4850cea32c3116665975bca219fbf2fe6
- http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172316.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169094.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00016.html
- http://lists.opensuse.org/opensuse-updates/2015-11/msg00033.html
- http://www.debian.org/security/2015/dsa-3374
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.postgresql.org/about/news/1615/
- http://www.postgresql.org/docs/9.3/static/release-9-3-10.html
- http://www.postgresql.org/docs/9.4/static/release-9-4-5.html
- http://www.securityfocus.com/bid/77048
- http://www.securitytracker.com/id/1033775
- http://www.ubuntu.com/usn/USN-2772-1
- https://security.gentoo.org/glsa/201701-33
- http://git.postgresql.org/gitweb/?p=postgresql.git%3Ba=commit%3Bh=08fa47c4850cea32c3116665975bca219fbf2fe6
Frequently Asked Questions
What is the severity of CVE-2015-5289?
CVE-2015-5289 is classified as a high severity vulnerability due to its ability to cause a denial of service by crashing the server.
How do I fix CVE-2015-5289?
To fix CVE-2015-5289, upgrade PostgreSQL to version 9.3.10 or later for the 9.3.x series or version 9.4.5 or later for the 9.4.x series.
What are the implications of exploiting CVE-2015-5289?
Exploiting CVE-2015-5289 allows attackers to trigger stack-based buffer overflows leading to server crashes, resulting in service disruption.
Which PostgreSQL versions are affected by CVE-2015-5289?
CVE-2015-5289 affects PostgreSQL versions prior to 9.3.10 and 9.4.5.
Is CVE-2015-5289 related to JSON parsing?
Yes, CVE-2015-5289 involves multiple stack-based buffer overflows specifically in the JSON parsing functionality of PostgreSQL.
- agent/type
- agent/severity
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/first-publish-date
- agent/event
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/postgresql
- canonical/postgresql client
- version/postgresql client/9.3.0
- version/postgresql client/9.4.0
- vendor/debian
- canonical/debian
- version/debian/8.0
- version/debian/9.0
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/12.04
- version/ubuntu/14.04
- version/ubuntu/15.04